CVE-2015-4625

Priority
Low
Description
Integer overflow in the authentication_agent_new_cookie function in
PolicyKit (aka polkit) before 0.113 allows local users to gain privileges
by creating a large number of connections, which triggers the issuance of a
duplicate cookie value.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):released (0.105-11ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (0.105-11ubuntu1)
Ubuntu 17.04 (Zesty Zapus):released (0.105-11ubuntu1)
Patches:
Upstream:http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
Upstream:http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
Upstream:http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228
More Information

Updated: 2017-08-11 23:18:17 UTC (commit 13081)